Validation of ECC-based algorithm another step in ECC standardization and widespread adoption
MISSISSAUGA, Ontario – (November 15, 2004)– Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced that that its implementation for the Elliptic Curve Digital Signature Algorithm (ECDSA) has earned the Federal Information Processing Standards (FIPS) 186-2 validation certification No.1 -making it the first company to receive the designation for an elliptic curve cryptography (ECC) -based algorithm.
This validation is particularly valuable for original equipment manufacturers (OEMs) and software vendors who sell to government organizations. By using Certicom's ECDSA implementation in their products, they meet FIPS requirements without undergoing the time-consuming and costly testing process. ECDSA is used to build in digital signature functionality and is a faster alternative to legacy algorithms.
For the cryptography community, and in particular proponents of ECC, the testing of ECC as part of the FIPS validation process is a significant step in the adoption of this public key cryptosystem. Considered a benchmark for security in government, a FIPS validation assures users that a given technology has passed rigorous testing by an accredited third party lab as set out by the National Institute of Standards for Technology (NIST) and can be used to secure sensitive information. Typically, it drives wide-scale adoption in government and in commercial sectors, particularly in the financial and healthcare sectors that recognize the significance of FIPS validation. This milestone in ECC's evolution follows last year's announcement from the National Security Agency (NSA) that ECC is a 'crucial technology'. Both events are part of the U.S. Government's crypto modernization program.
"A major hurdle to widespread adoption of any security technology is standardization. We witnessed that 25 years ago with the Data Encryption Standard (DES) and now are seeing it play out with Advanced Encryption Standards (AES), the successor to DES," said Scott Vanstone, founder and executive vice-president, strategic technology at Certicom. "As a complementary cryptosystem to AES, we can expect the same for ECC. By testing ECC-based algorithms in the FIPS certification process, NIST added a level of assurance that says they've done the due diligence on it and now organizations can be very comfortable adopting it."
ECC is a computationally efficient form of cryptography that offers equivalent security to other competing technologies but with much smaller key sizes. This results in faster computations, lower power consumption, as well as memory and bandwidth savings, thereby making it ideal for today's resource-constrained environments.
Certicom is considered a pioneer in ECC research and implementations, backed by 20 years of experience. The company developed the industry's first toolkit to include ECC, which has since been adopted by over 300 organizations. Tomorrow it will host the Certicom ECC Conference 2004, the first-ever conference that brings together Elliptic Curve Cryptography researchers, industry experts and users. During the two-day conference, participants from North America, Europe and Asia will discuss the evolution of ECC and share best implementation practices and insights for future applications.
About Certicom
Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government’s National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.
For further information, please contact:
For Certicom | ||
Tim Cox | Brendan Ziolo | |
ZingPR | Certicom Corp. | |
(650) 369-7784 | (613) 254-9267 | |
tim@zingpr.com | bziolo@certicom.com |